Thank you for sharing!

Your article was successfully shared with the contacts you provided.
As the past few years have taught us, there are many privacy and security issues related to the Internet. The lesson of the Melissa and ILOVEYOU viruses is that there are costs and annoyances of being connected to the Internet. A slight variation on that lesson: Just as the Web allows everyone to be a publisher, it also allows a document to be a secret agent, snooping on those who read it. Let’s talk about Web bugs and Microsoft Word, the software that lawyers use more than any other. Bugs are Web links hidden in documents that allow the creator of the bug surreptitiously to note when a document has been read and from what location, and when it is passed along to others. Advertisers have long used these hidden devices on Web pages, but until late August, it was not widely known that Word documents could contain them, too. For that we can thank the Privacy Foundation, which issued an advisory warning people of this hidden capability of Word. The ability to bug Word documents arises from a useful feature in the program. If there is an image on a Web site that you would like to display in a document, you can simply create a link to the image, rather than paste it into the document. This is a space-saving feature; it is also an invitation to mischief. You can create an image that is literally the size of a dot — one pixel by one pixel. The dot, whose only purpose is to track the document, is too small to notice. But each time the document is opened, Word will fetch the dot from a Web server, and the server will be able to monitor the Web address and time the document was opened. The Web address won’t necessarily tell the bug creator who opened a document, but it will likely reveal the organization where that person works. But before you cry foul, consider the practical uses of bugs. You can track leaks of confidential documents, discover copyright infringement, and monitor the distribution of press releases and newsletters. But these invisible bugs can also be used against you. Opposing counsel, for example, could track to whom you send a draft settlement. The Privacy Foundation has no evidence that Word documents have ever been used in this way. Still, Web bugs represent the classic tradeoff between ease of use and strength of security. The more friendly a system, the less secure. But how can you lock things down so that people have confidence in Word, for example, without unduly crippling useful features? Word itself is not a piece of “spyware.” It does, however, have security holes the size of Mount Rushmore. Word documents already store various identifying and potentially incriminating data (prior revisions and author names, for example). Word macros, or mini-programs, also can serve as host to damaging viruses. It is relatively easy to minimize most of the risks that these holes create. Certain features can be disabled. For those that can’t, anti-virus programs and firewalls, among others, are important tools. ZoneAlarmis a free firewall program that doesn’t allow any program access to the Net without specific permission from the user. If Word tries to access the Net, ZoneAlarm pops up a prompt that alerts you immediately and lets you decide. There are no silver bullets here. Bugs in Web pages or Web-formatted e-mail will still get by these firewalls. This is because most people normally set their firewalls to allow full Internet access to their Web browser and e-mail programs. Even worse, many people, companies and firms don’t use firewalls. Perhaps posing the largest challenges are programs designed to send “secret” information out along with useful information. This category is growing exponentially, and it is where most people have to choose between accepting the risk with the reward. The alternative is not to use the program at all. Short of using “packet sniffers” (programs that track the actual data sent back and forth across the Web), it’s extremely difficult to know exactly what’s being sent to or from your computer. Microsoft could add an option to Office to disable external Web links. The company took this approach in response to macro viruses but thus far has shown no interest in doing so for Web bugs. It may be waiting for an actual instance of a Web bug’s being found in a Word document. Bugs are just one a symptom of the underlying problem. One could easily bash Microsoft for it, but any Web-enabled application could conceivably contain surreptitious “phone home” technology. I will say that Microsoft could build in a lot more security to offset the problems. But with Microsoft having publicly announced its intention to offer software over the Net, who knows what they’ll do with the opportunity? I just know that I’ll be keeping my eyes and ears open (and my firewall closed). Jeffrey Beard ( [email protected]) is a legal technologist at Milwaukee’s Quarles & Brady. The Privacy Foundation’s alert regarding Web bugs and Microsoft Word is at www.privacyfoundation.org.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

Reprints & Licensing
Mentioned in a Law.com story?

License our industry-leading legal content to extend your thought leadership and build your brand.


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.